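 def post(self):
     """Create a TrustedPartner from the submitted form (admin only).

     The request must come from a logged-in user whose LoginInformation
     record is flagged ``is_admin`` and carries a valid XSRF token; any
     other request is redirected to ``/``.  Reads the ``name``, ``url``
     and ``auth_token`` form fields and redirects back to the referer.
     """
     user = database.users.get_current_user()
     # Resolve the login record once so every check below sees the same
     # object (the original called get_current_li() three times).
     current_li = database.get_current_li()
     if not (user and current_li and current_li.is_admin and current_li.verify_xsrf_token(self)):
         self.redirect("/")
         return

     name = cgi.escape(database.quick_sanitize(self.request.get("name")))
     url = cgi.escape(database.quick_sanitize(self.request.get("url")))
     foreign_auth_token = cgi.escape(database.quick_sanitize(self.request.get("auth_token")))
     # The local token is a shared secret handed to the partner, so it must
     # come from a CSPRNG: random.random() is predictable and time.clock()
     # adds no entropy (and no longer exists on Python 3).  Hashing 160
     # random bits with SHA-1 keeps the 40-hex-char shape callers expect.
     local_auth_token = hashlib.sha1(str(random.SystemRandom().getrandbits(160))).hexdigest()

     partner = database.TrustedPartner()
     partner.name = name
     partner.base_url = url
     partner.local_auth_token = local_auth_token
     # "-1" is the existing sentinel for "no token supplied".
     partner.foreign_auth_token = foreign_auth_token if foreign_auth_token != "" else "-1"

     # Only persist when a URL was given and no partner already uses it.
     if url != "":
         existing = database.db.GqlQuery(
             "SELECT * FROM TrustedPartner WHERE base_url = :1", url
         ).get()
         if existing is None:
             partner.put()
     self.redirect(self.request.referer)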
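 def post(self):
   """Create a new Item from the submitted form and notify subscribers.

   Requires a logged-in user with a LoginInformation record and a valid
   XSRF token; otherwise redirects to ``/``.  On success the item is
   stored, a new-item notification is sent and the client is redirected
   to ``/items/``.  A non-numeric ``price`` raises ValueError (uncaught),
   as before.
   """
   user = database.users.get_current_user()
   # get_current_li() can come back None for a user without a record; the
   # original dereferenced it unconditionally.
   current_li = database.get_current_li()
   if not (user and current_li and current_li.verify_xsrf_token(self)):
     self.redirect('/')
     return

   item = database.Item()
   item.title = cgi.escape(database.quick_sanitize(self.request.get('title')))
   # Description may carry markup, so it goes through the HTML sanitizer.
   item.description = cgi.escape(database.sanitizeHTML(self.request.get('description')))
   # Short teaser for listings: the first 40 chars plus an ellipsis.
   if len(item.description) > 40:
     item.summary = item.description[:40].rstrip() + "..."
   else:
     item.summary = item.description
   # Round the submitted price to two decimals before storing.
   item.price = float('%.2f' % float(cgi.escape(self.request.get('price'))))
   item.created_by_id = user.user_id()
   item.deactivated = False
   item.bidding_enabled = bool(self.request.get('bidding_enabled'))
   item.sponsored = bool(self.request.get('sponsored'))
   # Assigned once: the original first set is_active = True and then
   # overwrote it with this value, so only the final assignment mattered.
   item.is_active = not bool(self.request.get('show_item'))
   if self.request.get('photo'):
     image = database.images.resize(self.request.get('photo'), 512, 512)
     item.image = db.Blob(image)
   item.expiration_date = database.datetime.date.today() + database.datetime.timedelta(weeks=4)  # 4 weeks of posting
   key = item.put()
   # Re-read the stored entity so the notification sees the persisted state.
   item = database.db.get(db.Key.from_path('Item', key.id()))
   webservices.send_new_item_notification(self, item)
   database.logging.info("Created a new item.\nTitle: %s\nDescription: %s\nPrice: %s\nCreatedBy: %s", item.title, item.description, item.price, item.created_by_id)
   self.redirect('/items/')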
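 def post(self):
   """Update the current user's LoginInformation from the profile form.

   Requires a logged-in user with an existing LoginInformation record and
   a valid XSRF token; otherwise redirects to ``/``.  On success saves the
   record and redirects back to the referer.
   """
   user = database.users.get_current_user()
   # Fetch the record once and make sure it exists before touching it; the
   # original dereferenced get_current_li() without a None check.
   li = database.get_current_li()
   if not (user and li and li.verify_xsrf_token(self)):
     self.redirect('/')
     return

   def field(name):
     # Plain-text form field: sanitized, then HTML-escaped.
     return cgi.escape(database.quick_sanitize(self.request.get(name)))

   li.first_name = field('first_name')
   li.last_name = field('last_name')
   # The e-mail comes from the authenticated account, never from the form.
   li.email = user.email()
   li.nickname = field('nickname')
   li.private = bool(self.request.get('private'))
   # Description may carry markup, so it goes through the HTML sanitizer.
   li.desc = cgi.escape(database.sanitizeHTML(self.request.get('desc')))
   li.external_user = False
   if self.request.get('avatar'):
     li.avatar = database.db.Blob(database.images.resize(self.request.get('avatar'), 128, 128))
   li.put()
   database.logging.info("Updating LoginInformation. Info: \nFirst name: %s\nLast Name: %s\nUserID: %s\n",
   li.first_name, li.last_name, li.user_id)
   self.redirect(self.request.referer)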
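 def post(self):
     """Edit an existing TrustedPartner (admin only).

     Requires a logged-in admin with a valid XSRF token; otherwise
     redirects to ``/``.  Looks the partner up by the ``partner_id`` form
     field (a non-integer value raises ValueError, as before), applies the
     ``name``, ``url`` and ``foreign_auth_token`` fields and redirects to
     ``/admin/partners``.
     """
     user = database.users.get_current_user()
     current_li = database.get_current_li()
     if not (user and current_li and current_li.is_admin and current_li.verify_xsrf_token(self)):
         self.redirect("/")
         return

     partner = database.db.get(
         db.Key.from_path("TrustedPartner", int(cgi.escape(self.request.get("partner_id"))))
     )
     if partner is None:
         # Unknown id: nothing to edit.  The original fell through and
         # raised AttributeError on the assignments below.
         self.redirect("/admin/partners")
         return

     partner.name = cgi.escape(database.quick_sanitize(self.request.get("name")))
     new_url = cgi.escape(database.quick_sanitize(self.request.get("url")))
     new_foreign_auth_token = cgi.escape(database.quick_sanitize(self.request.get("foreign_auth_token")))
     # The URL is only replaced when one was supplied and no partner already
     # claims it; an empty or duplicate URL keeps the old value.
     if new_url != "":
         clash = database.db.GqlQuery("SELECT * FROM TrustedPartner WHERE base_url = :1", new_url).get()
         if clash is None:
             partner.base_url = new_url
     # NOTE(review): stored as-is even when empty, unlike the create handler,
     # which substitutes "-1" — confirm which behaviour is intended.
     partner.foreign_auth_token = new_foreign_auth_token
     partner.put()
     self.redirect("/admin/partners")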
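 def post(self):
   """Fill in the current user's LoginInformation record from the form.

   Only runs when a user is logged in, exactly one LoginInformation row
   exists for that user id, and the XSRF token checks out; every path
   ends with a redirect to ``/``.
   """
   user = database.users.get_current_user()
   if user:
     # Query only after confirming someone is logged in: the original
     # called user.user_id() first and raised AttributeError for
     # anonymous requests.
     matches = database.db.GqlQuery("SELECT * FROM LoginInformation WHERE user_id = :1", user.user_id())
     # check for duplicates
     if matches.count() == 1:
       li = database.get_current_li()
       if li.verify_xsrf_token(self):
         li.first_name = cgi.escape(database.quick_sanitize(self.request.get('first_name')))
         li.last_name = cgi.escape(database.quick_sanitize(self.request.get('last_name')))
         li.nickname = cgi.escape(database.quick_sanitize(self.request.get("nickname")))
         li.private = bool(self.request.get("private"))
         li.external_user = False
         li.is_active = True
         # NOTE(review): these two literal addresses (redacted in this
         # copy) are granted admin regardless of the platform admin list;
         # everyone else inherits is_current_user_admin().
         if user.email() in ('*****@*****.**', '*****@*****.**'):
           li.is_admin = True
         else:
           li.is_admin = database.users.is_current_user_admin()
         # Description may carry markup, so it goes through the HTML sanitizer.
         li.desc = cgi.escape(database.sanitizeHTML(self.request.get('desc')))
         if self.request.get('avatar'):
           li.avatar = database.db.Blob(database.images.resize(self.request.get('avatar'), 128, 128))
         li.put()
         database.logging.info("Saving new LoginInformation. Info:\nFirst name: %s\nLast Name: %s\nUserID: %s\nAdmin: %s\n",
         li.first_name, li.last_name, li.user_id, li.is_admin)
   self.redirect('/')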
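 def post(self):
   """Edit one of the current user's Items from the submitted form.

   Requires a logged-in user with a LoginInformation record and a valid
   XSRF token, and the item named by ``item_id`` must have been created
   by that user; every other path redirects to ``/``.  A non-integer
   ``item_id`` raises ValueError, as before.  On success redirects to
   ``/items/my_items``.
   """
   user = database.users.get_current_user()
   current_li = database.get_current_li()
   if not (user and current_li and current_li.verify_xsrf_token(self)):
     self.redirect('/')
     return

   item = db.get(db.Key.from_path('Item', int(cgi.escape(self.request.get('item_id')))))
   # Ownership check: only the creator may edit.  A missing item (None) and
   # someone else's item are both rejected with a redirect; the original
   # crashed on the former and returned an empty 200 on the latter.
   if item is None or item.created_by_id != current_li.user_id:
     self.redirect('/')
     return

   item.title = cgi.escape(database.quick_sanitize(self.request.get('title')))
   # Description may carry markup, so it goes through the HTML sanitizer.
   item.description = cgi.escape(database.sanitizeHTML(self.request.get('description')))
   item.bidding_enabled = bool(self.request.get('bidding_enabled'))
   # Same teaser rule as the create handler (rstrip before the ellipsis).
   if len(item.description) > 40:
     item.summary = item.description[:40].rstrip() + "..."
   else:
     item.summary = item.description
   # Round the submitted price to two decimals before storing.
   item.price = float('%.2f' % float(cgi.escape(self.request.get('price'))))
   item.is_active = not bool(self.request.get('show_item'))
   item.sponsored = bool(self.request.get('sponsored'))
   if self.request.get('photo'):
     item.image = database.db.Blob(database.images.resize(self.request.get('photo'), 512, 512))
   database.logging.info("Item #%s changed to:\nTitle: %s\nDescription: %s\nPrice: %f", item.key().id(), item.title, item.description, item.price)
   item.put()
   self.redirect('/items/my_items')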
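  def get(self):
    """Search items by title and render the search page.

    Every Item is loaded and kept when any whitespace-separated token of
    ``query`` occurs in its title.  A logged-in user's query is recorded
    once in Search.  ``query_limit``, ``query_search_by`` and the
    ``query_sort*`` / ``query_order*`` fields are sanitized and handed
    straight to the template; nothing here applies them.
    """
    def field(name):
      # Plain-text form field: sanitized, then HTML-escaped.
      return cgi.escape(database.quick_sanitize(self.request.get(name)))

    query = field('query')
    limit = field('query_limit')
    search_by = field('query_search_by')
    sort_by = {
      "a": {"sort_field": field('query_sortA'), "order": field('query_orderA')},
      "b": {"sort_field": field('query_sortB'), "order": field('query_orderB')},
    }

    # Grab every item, newest first, and filter in memory: the datastore
    # offers no substring query.  This is a full scan of Item on each
    # search, so it only scales to small tables.
    items = db.GqlQuery("SELECT * FROM Item ORDER BY created_at DESC")
    # Tokenize on whitespace (same as string.split with no separator); an
    # empty query yields no tokens and therefore no results.
    query_tokens = query.split()
    # Keep an item when any token occurs in its title.  any() stops at the
    # first hit where the original kept scanning every remaining token.
    results = [item for item in items if any(tok in item.title for tok in query_tokens)]

    user = database.users.get_current_user()
    if user:
      # Remember each distinct query once per user.
      searches = db.GqlQuery("SELECT * FROM Search WHERE created_by_id = :1 AND search = :2", user.user_id(), query)
      if searches.count() == 0:
        search = database.Search()
        search.created_by_id = user.user_id()
        search.search = query
        search.put()
    trusted_partners = database.TrustedPartner.all()
    database.render_template(self, 'items/search.html', { 'items': results, 'query': query, "partners" : trusted_partners, 'limit' : limit, 'search_by' : search_by, 'sort_by' : sort_by })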